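<?php
// cart.php: shows the visitor's shopping cart, handles the "Remove item" links
// (GET delindex/id) and the checkout form (POST btnCheckout).
//
// Every redirect is issued here, before the doctype below is emitted, so that
// header("Location: ...") is never called after output has started. A UTF-8
// BOM in front of "<?php" also counts as output and breaks session_start() and
// header(); the file must be saved without one.
session_start();

// Nothing to show without a cart in the session.
if (!isset($_SESSION["cart"]) || !is_array($_SESSION["cart"])) {
    header("Location: index.php");
    exit();
}

include("siteName.php");

// "Remove item" link: cart.php?delindex=N&id=P. The id is compared with the
// cart entry at that index so a stale link cannot remove a different product.
if (isset($_GET["delindex"]) && isset($_GET["id"])) {
    $delIndex = intval($_GET["delindex"]);
    if (isset($_SESSION["cart"][$delIndex][0])
        && strval($_SESSION["cart"][$delIndex][0]) === strval($_GET["id"])) {
        array_splice($_SESSION["cart"], $delIndex, 1);
    }
}//end of checking if something to be removed from cart

require("dbInc.php");
$mysqliObj = new mysqli($dbHost, $dbUser, $dbPass, $dbDB);
if ($mysqliObj->connect_error) {
    // connect_error is deliberately not echoed: it can reveal host/user details.
    die("Database connection failed.");
}

// Resolve every cart entry - array(productId, quantity) - against the products
// table. Entries whose product no longer exists are skipped, so each resolved
// item also remembers its position in $_SESSION["cart"] ("cartIndex") for the
// remove links. The product id is bound as a parameter: cart contents are
// user-controlled and must not be spliced into SQL. Only the table name, which
// comes from dbInc.php, is still formatted into the statement text.
$itemArray = array();
$productStmt = $mysqliObj->prepare(sprintf("select id, vName, vDescription, fPrice from %s where id = ?", $tableProducts));
if ($productStmt === false) {
    die("Database error.");
}
$productId = 0;
$productStmt->bind_param("i", $productId);
foreach ($_SESSION["cart"] as $cartIndex => $prod) {
    if (!is_array($prod) || !isset($prod[0]) || !isset($prod[1])) {
        continue;
    }
    $productId = intval($prod[0]);
    $productStmt->execute();
    // get_result() needs the mysqlnd driver; without it every lookup fails and
    // the cart is treated as empty below.
    $res = $productStmt->get_result();
    if ($res !== false && $res->num_rows > 0) {
        $row = $res->fetch_assoc();
        array_push($itemArray, array(
            "id" => $row["id"],
            "vName" => $row["vName"],
            "fPrice" => $row["fPrice"],
            "fQuantity" => $prod[1],
            "cartIndex" => $cartIndex,
        ));
    }//end of checking if product data row returned
    if ($res !== false) {
        $res->free();
    }
}//end of looping through session cart array
$productStmt->close();

if (count($itemArray) < 1) {
    unset($_SESSION["cart"]);
    $mysqliObj->close();
    header("Location: index.php");
    exit();
}//end of checking if cart empty

//check if checkout form submitted
if (isset($_POST["btnCheckout"])) {
    // The checkout button is only rendered for logged-in users, but the POST can
    // be sent without it; never create an order that has no owner.
    if (!isset($_SESSION["id"])) {
        $mysqliObj->close();
        header("Location: index.php");
        exit();
    }
    // NOTE(review): the checkout form carries no CSRF token, so a cross-site
    // POST from a logged-in browser can place an order; consider adding one.
    $userID = intval($_SESSION["id"]);
    $vAdditional = isset($_POST["txtAdditional"]) ? strval($_POST["txtAdditional"]) : "";
    $orderDateTime = date("Y/m/d H:i");
    $totalPriceDB = 0.0;

    //write initial order info to DB; fTotal is updated once the items are summed
    $orderStmt = $mysqliObj->prepare(sprintf("insert into %s (iUserID, vDateTime, vOrderNumber, fTotal, vAdditional) values (?, ?, '', ?, ?)", $tableOrders));
    if ($orderStmt === false) {
        die("Database error.");
    }
    $orderStmt->bind_param("isds", $userID, $orderDateTime, $totalPriceDB, $vAdditional);
    $orderOK = $orderStmt->execute();
    $orderStmt->close();
    if (!$orderOK) {
        // Without an order row, insert_id would be 0 and the items would be orphaned.
        $mysqliObj->close();
        die("Could not place the order.");
    }
    $orderID = $mysqliObj->insert_id;

    // One item row per cart line, plus the HTML rows for the notification mail.
    // Money is accumulated in floats because the order columns are written as
    // floats (%f in the original statements); this is not a rounding-safe design.
    $body = "";
    $itemProductID = 0;
    $itemQuantity = 0.0;
    $itemTotalDB = 0.0;
    $itemStmt = $mysqliObj->prepare(sprintf("insert into %s (iOrderID, iProductID, fQuantity, fItemTotal) values (?, ?, ?, ?)", $tableItems));
    if ($itemStmt === false) {
        die("Database error.");
    }
    // Bound by reference: reassigning the variables in the loop updates the binding.
    $itemStmt->bind_param("iidd", $orderID, $itemProductID, $itemQuantity, $itemTotalDB);
    foreach ($itemArray as $item) {
        $itemProductID = intval($item["id"]);
        $itemQuantity = floatval($item["fQuantity"]);
        $itemTotalDB = floatval($item["fPrice"]) * $itemQuantity;
        $totalPriceDB += $itemTotalDB;
        $itemTotal = $currencySymbol . sprintf("%1\$.2f", $itemTotalDB);
        // Product names and quantities are escaped: the mail is HTML and the
        // values did not originate in this file.
        $body .= sprintf("<tr>\n<td>%s</td><td>%s</td><td align='right'>%s</td>",
            htmlspecialchars(strval($item["vName"]), ENT_QUOTES, "UTF-8"),
            htmlspecialchars(strval($item["fQuantity"]), ENT_QUOTES, "UTF-8"),
            $itemTotal);
        $body .= "</tr>\n";
        $itemStmt->execute();
    }//end of looping through cart items
    $itemStmt->close();

    $totalStmt = $mysqliObj->prepare(sprintf("update %s set fTotal = ? where id = ?", $tableOrders));
    if ($totalStmt !== false) {
        $totalStmt->bind_param("di", $totalPriceDB, $orderID);
        $totalStmt->execute();
        $totalStmt->close();
    }

    //send notification e-mails
    $uName = isset($_SESSION["uName"]) ? htmlspecialchars(strval($_SESSION["uName"]), ENT_QUOTES, "UTF-8") : "";
    $body = "<h3>" . $siteName . " order placement</h3>\n<p>" . $uName . ", has placed the following order:</p>\n<table border=0>\n" . $body;
    $body .= "</table>\n<p>You can go to the following address/page to check it out:<br />\n<a href='" . $siteAddress . "/admin/' target='_blank'>" . $siteAddress . "/admin/</a>\n";
    $subject = $siteName . " order placement";
    $to = $siteEmail;
    include("sendMail.php");
    sendMail($to, $body, $subject);

    unset($_SESSION["cart"]);
    $mysqliObj->close();
    // exit() so the cart page is not rendered (and no further queries run) after
    // the redirect header has been set.
    header("Location: checkout.php");
    exit();
}//end of checking for form submission

$mysqliObj->close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>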
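<?php
// Greeting shown at the top of the page. The user name is session data that did
// not originate in this file, so it is escaped for the HTML context before being
// concatenated into the paragraph.
$sOut = "<p>Welcome to the " . $siteName . " site";
if (isset($_SESSION["uName"])) {
    $sOut .= ", " . htmlspecialchars(strval($_SESSION["uName"]), ENT_QUOTES, "UTF-8");
}
$sOut .= ", your shopping cart is below, and you can remove items, or checkout.</p>";
?>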
<title><?php echo $siteName; ?> - my shopping cart</title>
<link type="text/css" rel="stylesheet" href="styles.css" />
<script type="text/javascript" language="javascript">
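function checkMsg() {
    // Shows $msg (if the including code set one) as an alert on page load.
    // $msg is not assigned anywhere in this file, hence the isset() fallback.
    // json_encode() emits a complete JS string literal, so quotes, newlines or
    // a "</script>" inside the message cannot break out of the script block;
    // the JSON_HEX_* flags additionally escape < > & ' " as \uXXXX.
    var msg = <?php echo json_encode(isset($msg) ? strval($msg) : "", JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    if (msg.length > 0) {
        alert(msg);
    }
}//end of checkMsg function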
</script>
</head>
<body onload="checkMsg();">
<iframe name="logoFrame" id="logoFrame" src="logo.htm" border="0" height="120" align="top" frameborder="0" marginheight="0" width="100%" scrolling="no">
<a href="http://www.blindza.co.za/" target="_blank">
<img src="logo/blindza_logo_smaller46.jpg" alt="blindZA.co.za logo - white text on black background, with white border - and red braille version hovering in front of normal text" width="317" height="103" border="0" />
</a>
</iframe>
<a href="index.php">Back to entry page</a>
<h2><?php echo $siteName; ?> - my shopping cart</h2>
<?php echo $sOut; ?>
<form action="cart.php" method="post" enctype="multipart/form-data">
<table align="center" border="0">
<tr>
<th>Product name</th><th>Quantity</th><th align="right">Item total</th><td>&nbsp;</td>
</tr>
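<?php
// Render one table row per cart item and accumulate the grand total. Product
// names and quantities did not originate here and are escaped for the HTML
// context; the product id goes into the remove link's query string, so it is
// URL-encoded, and the "&" between the parameters is written as "&amp;" as
// XHTML requires inside an attribute value.
$totalPrice = 0.0;
$itemIndex = 0;
foreach ($itemArray as $item) {
    $itemTotal = floatval($item["fPrice"]) * floatval($item["fQuantity"]);
    $totalPrice += $itemTotal;
    $itemTotalText = $currencySymbol . sprintf("%1\$.2f", floatval($itemTotal));
    // The remove link must name the entry's index in $_SESSION["cart"]. Cart
    // entries whose product lookup failed are absent from $itemArray, so the
    // position in $itemArray can drift from the cart index; use an explicit
    // cart index when the entry carries one, else fall back to the position.
    $removeIndex = isset($item["cartIndex"]) ? intval($item["cartIndex"]) : $itemIndex;
    $sOut = sprintf("<tr>\n<td>%s</td><td>%s</td><td align='right'>%s</td>",
        htmlspecialchars(strval($item["vName"]), ENT_QUOTES, "UTF-8"),
        htmlspecialchars(strval($item["fQuantity"]), ENT_QUOTES, "UTF-8"),
        $itemTotalText);
    $sOut .= "<td><a href='cart.php?delindex=" . $removeIndex . "&amp;id=" . urlencode(strval($item["id"])) . "'>Remove item</a></td>\n</tr>\n";
    echo $sOut;
    $itemIndex += 1;
}//end of looping through cart items
$totalPrice = $currencySymbol . sprintf("%1\$.2f", floatval($totalPrice));
?>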
<tr>
<th colspan="2">Total price:</th><th align="right"><?php echo $totalPrice; ?></th>
</tr>
<tr>
<th align="right" valign="top">Additional instructions/requirements?</th>
<td>
<textarea name="txtAdditional" multiline="false" rows="3" cols="50"></textarea>
</td>
</tr>
<tr>
<th align="center" colspan="3">
<input type="hidden" name="txtTotal" value="<?php echo $totalPrice; ?>" />
<?php
// Only registered users may place an order: emit the checkout button when the
// session carries a user id, otherwise an explanatory message in its place.
if (isset($_SESSION["id"])) {
    echo "<input type=\"submit\" name=\"btnCheckout\" value=\"Checkout-place order\" />\n";
} else {
    echo "<span class='error'>You need to be registered/logged in to place an order</span>\n";
}//end of checking if logged in
?>
</th>
</tr>
</table>
</form>
</body>
</html>
